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KEY AND LOCK DEVICE 



FIELD OF INVENTION 

The present invention relates generally to key and lock 
devices, and more specifically to an electromechanical 
lock device suitable for use in a lock system wherein a 
variable electronic encryption key is used to increase 
security. The invention also relates to a method and a 
system using a variable encryption key, 

BACKGROUND 

It is previously known electromechanical lock systems 
wherein keys are assigned to different users in a con- 
ventional way similar to the way keys are distributed 
in a mechanical lock system. However, this distribution 
is difficult to accomplish and it is a cumbersome pro- 
cedure to distribute new keys. Also, there is always a 
danger that an unauthorised person obtains a system 
key, leading to security risks etc. 

Another problem is that electronic codes can be copied, 
e.g. by "recording" the code by means of a reader, 
whereby copies can be present in the key system without 
the knowledge of the system owner. 

Yes another problem of prior art is that key blanks can 
be used by anyone, posing a security risk. 

OBJECTS OF THE INVENTION 

An object of the present invention is to provide an 
electromechanical key and lock device of the kind ini- 
tially mentioned and used in a system wherein the dis- 
tribution and authorisation of keys and locks between 
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manufacturer, distributor and customer have a high 
security. 

Another object of the present invention is to provide 
an electromechanical lock device wherein the distribu- 
5 tion and authorisation of keys are facilitated. 

Another object is to provide a key device, which is 
difficult to copy without the knowledge of the system 
owner. 

Another object is to provide a key blank that is 
10 limited regarding its use to a limited number of 
distributors . 

Another object is to provide for easy and secure adding 
of keys and locks to a lock system. 

Another object is to provide a method and a system for 
15 storing and displaying information about a master key 
system in a secure way. 

Another object is to provide a method and a system for 
exchanging information between manufacturer, distribu- 
tor and end user of a key and lock device. 

20 SUMMARY OF THE INVENTION 

The invention is based on the realisation that the 
above mentioned problems of prior art can be solved by 
providing and changing electronic codes in keys and 
locks, wherein said codes are used for encrypted commu- 

25 nication between keys and locks and between different 

parties involved with the building and maintenance of a 
lock system. 



According to the present invention there is provided a 
method as defined in claim 1. 

According to the present invention there is also pro- 
vided a key and lock device as defined in claim 8 and a 
key and lock system as defined in claim 11. 

Further preferred embodiments are defined in the de- 
pendent claims. 

With the method, the key and lock device and the system 
according to the invention, at least some of the above- 
discussed problems with prior art are solved. 

BRIEF DESCRIPTION OF DRAWINGS 

The invention is now described, by way of example, with 
reference to the accompanying drawings, in which: 

Fig. 1 is an overall view of a hierarchical lock system 
with lock and key devices according to the invention; 

Figs 2a and 2b are representations of the information 
elements of a key and lock device, respectively, 
according to the invention; 

Fig. 3 is a figure showing an example of the informa- 
tion flow of the system shown in figure 1; 

Fig. 4 is an overview of electronic key code elements 
provided in a key and lock device according to the 
inventions- 
Fig. 5 is a diagram exemplifying security for data 
exchange between manufacturer, distributor and 
customer; 



Fig- 6 is an overview of the database encryption used 
with the invention; and 

Fig. 7 shows exemplary database file encryption tables. 
DETAILED DESCRIPTION OF THE INVENTION 

Preferred embodiments of the invention will now be de- 
scribed. In order to provide a clear description, the 
expression "key" will be clarified by the addition of 
"physical" if key refers to a physical key, i.e., a 
mechanical key adapted for use with a lock, and by the 
addition of "electronic" or "encryption" if key refers 
to an electronic key, such as an encryption key. 

In addition, the prefix "e" is used for denoting en- 
crypted information and the prefix w d" for denoting de- 
crypted information. The encryption key used follows 
the prefix. Thus, for example, eKx (Filel) denotes a 
Filel encrypted with the encryption key "Kx". 

It this description, reference is sometimes made to a 
"device". A device in the context of the invention is 
to be interpreted as a key or lock device. 

Initially, a lock system comprising key and lock de- 
vices according to the invention will be described with 
reference to fig. 1, which shows a typical distribution 
of hardware and software tools among different hier- 
archical levels, namely, customer 100, distributor 200 
and manufacturer 300, 

User keys 

In the customer system 100, there are several user keys 
101 adapted for use with a number of locks 20. The user 
keys and the locks together constitute a master key 



system (MKS) . Each key has a unique individual elec- 
tronic code controlling its function. The electronic 
code is divided into different segments for the use of 
manufacturers, distributors, and customers. A public 
segment is provided for open information while a secret 
segment is provided for secret information. The seg- 
ments are further divided into different electronic 
code elements or items. The electronic key code is fur- 
ther discussed below in connection with the description 
of protected modes. 

Programming and authorisation key 

There is at least one customer programming and authori- 
sation key (C-key) 102 for a customer system 100. C- 
keys, together with D-keys and M-keys (see below), will 
also be referred to in this document as system keys 
(SYS-keys) . 

Customer programming box 

At the customer, there is a programming box 106 adapted 
for connection to a computer (PC) 104 via e.g. a serial 
interface. This programming box comprises a static 
reader 107 and it is used for programming in the cus- 
tomer system. A static reader is a key reader without a 
blocking mechanism and thus comprise electronic cir- 
cuits etc. for reading and programming a key. 

Although a customer programming box is shown in the 
figure, this box can be omitted in very small lock sys- 
tems . 

Customer software 

The customer has access to the personal computer 104 
running customer administration software (C-software) 
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with open system information only. Thus, the C-software 
keeps track of which keys are authorised in which locks 
in the master key system in question in a so-called 
lock chart. However, secret identities (see below) of 
all keys are stored in encrypted form, which only can 
be read by means of a system key. 

Authorisation key for the distributor 

There is a distributor authorisation key (D-key) 202 
for the distributor of the lock system, who can be e.g. 
a locksmith. 

Distributor programming box 

At the distributor, there is also a programming box 206 
adapted for connection to a computer (PC) 204 via e.g. 
a serial interface. This programming box can be identi- 
cal or similar to the one described in connection with 
the customer system 100. 

Distributor software 

The distributor has a special computer software (D- 
software) for the personal computer 204. The D-software 
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distributor and customer software were one system. This 



is necessary for the distributor if he is going to be 
closely involved with servicing the customer system. 

Authorisation key for the manufacturer 

There is a manufacturer authorisation key (M-key) 302 

for the manufacturer of the lock system. 

Manufacturer programming box 

At the manufacturer, there is also a programming box 
306 similar to the distributor programming box 206 and 
adapted for connection to a computer (PC) 304. 

Manufacturer software 

The manufacturer has access to the personal computer 
304 running software (M-software) with full authorisa- 
tion for operations regarding additions and deletions 
of keys and locks. 

Information Elements 

All keys and locks have a unique electronic identity or 
code comprising several information elements control- 
ling the function of the keys and locks. The informa- 
tion elements of a key or a lock will now be described 
with reference to figure 2a and 2b, respectively. 

The electronic code is divided into different segments 
for the use of manufacturers, distributors and custom- 
ers. Some public elements are common for devices of a 
MKS while a secret segment is provided for secret in- 
formation and is always individual for the group. 

Every electronic key code comprises the following 
parts : 
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• Public Key ID (PKID) comprising 

• Manufacturer identification (M) 

• Master Key System identification (MKS) 

• Function identification (F) 

• Group ID (GR) 

• Unique Identity (UID) 

• Encryption Key (K D es) 

• Secret Key ID (SKID) comprising 

• Secret group ID (SGR) 

Correspondingly, every electronic lock code comprises 
the following parts: 

• Public Lock ID (PLID) comprising 

• Manufacturer identification (M) 

• Master Key System identification (MKS) 

• Function identification (F) 

• Group ID (GR) 

• Unique Identity (UID) 

• Encryption Key (K D es) 

• Secret Lock ID (SLID) comprising 

• Secret group ID (SGR) 

The basic elements will now be described in more de- 
tail . 

M - Manufacturer 

M identifies the manufacturer of the master key system. 
Thus, each manufacturer using the invention is assigned 
a unique M code identifying keys and locks originating 
from the manufacturer* 

MKS - Master Key System 

MKS identifies the different Master Key Systems 100. A 
lock will accept a user key or a C-key only if they 
have the same MKS code. 
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F - Function 

F identifies the role of the device; whether it is a 
lock, a user key, a C-key, D-key, M-key etc. 

GR - GRoup 

5 GR is an integer identifying a group of devices. GR is 
unique in each MKS and starts at 1 with an increment of 
1. 

UID - Unique Identity 

UID identifies the different users in a group. UID is 
10 unique in each group, starts at 1 with an increment of 
1. Thus, the combination of group identifier and unique 
identity uniquely identifies a device in a MKS. 

K DES - Encryption Key 

The K DES comprises a randomly generated encryption key. 

15 In the preferred embodiment, the DES encryption algo- 
rithm is used, partly because its speed, and preferably 
the Triple DES (3DES) . There are several modes of 
operation of the DES encryption and two modes are pre- 
ferred with the invention: ECB (Electronic Code Book) 

20 and CBC (Cipher Block Chaining) . 

K DES is identical in all devices in a master key system. 

K DES is in no way readable from the outside and is only 
used by the algorithms executed internally of the key 
and lock devices. This is a very important feature as 
25 it eliminates the possibility to copy a key just by 

reading the contents of its memory. Furthermore, K DES is 
present only in keys in functional mode, see the dis- 
cussion below of the protected mode. 
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K DES is used in the authorisation processes taking place 
between different devices. Thus, for a key to be able 
to operate a lock, both the key and the lock must have 
the same K DES - Otherwise, the authorisation process will 
5 fail. 

SGR - Secret GRoup 

SGR is a randomly generated number that is the same for 
one group. The above mentioned information elements as 
well as other electronic data information used in a key 

10 and lock system according to the invention are of 

course information vital to the function of the system. 
Therefore, in order to ensure the integrity of the 
data, MAC (Message Authentication Code) is used for 
some of the data. In a key or lock device, it is used 

15 for each authorisation list in the chip using K DES . It 
is also used for some data elements before the device 
is put into functional mode (see below) as well as for 
some other data elements. In the C-, D T , or M-software, 
MAC is used for some non-encrypted data files. 

20 A key and lock system according to the invention dis- 
plays a very high security level. The security archi- 
tecture is based on the fact that a system key, i.e., a 
c _ / d-, or M-key, can work with many different soft- 
ware. Thus, it is not easy to change the authentication 

25 encryption key for each authentication executed. A 
typical information flow in the hierarchical system 
shown in figure 1 is shown in figure 3. This figure 
exemplifies the complexity of the system and of the 
information exchanged between the different levels, 

30 i.e., manufacturer, distributor and customer. 



In the example, the customer wants an addition of a 
user key to his master key system (step 401) . Thus, 
using a planner software (step 402), , information re- 
garding the requested changes is transferred to the 
manufacturer through e.g. the modem connection 108-308, 
see figure 1. At the manufacturer 300, using the M- 
software 304 (step 403), the M-software database 304 is 
accessed (step 404) by means of an M-key (step 405) . 
The M-software database is then updated and relevant 
information sent to the D-software (step 406), e.g. 
through the modem connection 308-208. 

At the distributor 200, the D-software database 204 is 
accessed (step 407) and updated by means of a D-key 202 
(step 408) . A device in protected mode belonging to the 
MKS in question is procured and programmed by means of 
the D-key 202 and the programming box 206. 

At the customer 100, the C-software 104 receives infor- 
mation from the distributor (step 409), e.g. by means 
of the modem connection. The C-software database is 
accessed (step 410) and updated and the new device de- 
livered by the distributor (step 411) is programmed by 
means of the programming box 106 and a C-key 102 (step 
412). When the protected device has been put into func- 
tional mode (step 413), the M-software 304 is alerted 
of that fact and the M-software database updated 
accordingly. 

The reader realises the complexity of all these opera- 
tions and the need for a simple and yet secure way of 
transferring electronic information as well as the key 
or lock device itself. 



Protected Mode 

To address the problem of secure transfer of a device 
to a customer or a distributor, for example, a feature 
of the lock and key device according to the invention 
is the so-called protected mode. This essentially means 
that users at the different hierarchical levels, i.e., 
manufacturer, distributor, and end user have full con- 
trol of the authorisation of the devices belonging to 
the system. 

This is accomplished by the use of the variable encryp- 
tion key stored in the electronic key code of the de- 
vice. The function of this variable encryption key will 
be described in the following with reference to figs. 
4a-e, wherein the electric code content stored in an 
electronic memory of a device is shown. 

Initially, a blank device is made at the manufacturer, 
i.e., a device without mechanical or electronic coding. 
Thus, the electronic code memory is empty, see fig. 4a. 

The next step at the manufacturer is to add the code 
element specific for the manufacturer in question, see 
fig. 4b. This second element, labelled W M" , designates 
the specific manufacturer and is unique for each manu- 
facturer. Thus, it is possible just by reading the M 
element to find out from which manufacturer a key 
originates . 

The element labelled "K DES - M " is the DES encryption key 
used by the manufacturer M as a transportation or 
storage code. As already stated, the encryption key K DES 
necessary for operating devices is only present in de- 
vices in functional mode, i.e., activated keys and 



locks operable in a customer MKS 100. The K DE s-m key is 
provided by the manufacturer software (M-software) and 
it is not possible for anyone but the manufacturer 
having the M-software to provide a key blank with the 
unique K DES - M key for that specific manufacturer. In 
that way, keys are protected during storage at the 
manufacturer because they are useless for anyone but 
the correct manufacturer. 

When the manufacturer is about to send a device to a 
distributor, an electronic code element specific for 
the distributor in question is added, see fig. 4c. This 
element, labelled *D", designates the specific dis- 
tributor and is unique for each distributor. This is 
stored in the position normally used by the MKS code. 

At the same time, at the manufacturer, the encryption 
key K DE s-m is replaced with K des -d, an encryption key 
unique for the distributor in question. However, to be 
able to carry out this change, an authentication 
process must be performed between the manufacturer pro- 
tected key and the M-key. This authentication process 
is successful only if the encryption keys of the manu- 
facturer protected device and the M-key, i.e., K DE s-m/ 
are identical. The encryption key K DE s-d is stored in the 
M-software, from where it is retrieved after a success- 
ful authentication process. Provided with the K des -d en- 
cryption key, the device is in distributor protected 
mode . 

When an order is placed by a customer, either to the 
manufacturer or to the distributor, a process to place 
the key in customer protected mode is initiated, as de- 
scribed with reference to figure 3. Information needed 



for this process is then sent electronically from the 
manufacturer software to the distributor, but not in 
plain text. Instead, it is sent encrypted with the dis- 
tributor encryption key Kdes-d- For example, the cus- 
tomer encryption key K DES -c for devices in customer pro- 
tected mode is sent in the following format: 

©Kdes-d ( Kdes-c) 

Other relevant information elements, such as MKS, GR, 
UID, K DES , and, if no customer protected mode is used, 
K DES C r are sent encrypted in the same way. This infor- 
mation is then downloaded into the distributor pro- 
tected key. 

In order to decrypt the encrypted information, an 
authentication process must take place at the distribu- 
tor. This process takes place between the protected de- 
vice and the D-key, in which the K DES - D encryption key 
is stored. The code elements are thus decrypted, 
whereby the distributor protected device shown in fig- 
ure 4c is transformed into a customer protected device 
shown in figure 4d. At the same time, the correct func- 
tion code element SX F" is stored, indicating the func- 
tion of the element, e.g. as a user key. 

However, the device leaving the distributor can not yet 
be used in the final master key system of the customer, 
i.e., it is not in functional mode. By means of the C- 
software and a C-key, the customer accepts the customer 
protected device and replaces the K DES -c encryption key 
with K DES , see fig. 4e. Only then can the device be used 
in the master key system. 



The C-key is normally supplied from the manufacturer 
directly to the customer. The expression "customer pro- 
tected mode" refers to the fact, that no other than the 
correct, authorised customer can use a key delivered by 
a distributor because the lock system keys must the 
accepted by the system by means of a C-key. 

The feature that a physical key, i.e., a system key is 
used for changing the code of another device several 
advantages- Firstly, a physical key is easy to handle. 
Secondly, it provides for a secure system. No one can 
put a device into functional mode without a correct 
system key (e.g. C-key). 

In an alternative embodiment of the invention, the dis- 
tributor step is omitted. Thus, the manufacturer is re- 
sponsible for the steps described with reference to 
figs. 4a-c and delivers both the devices and the system 
key to the customer. This does not affect the security 
of the system as long as the devices and the system 
keys are delivered separately. 

Alternatively, if the customer so requests, the key can 
be delivered to the customer in functional mode, i.e., 
with the Kdes already stored. That would give a less se- 
cure system but the possibility to omit one or several 
steps shows the flexibility of the protected mode 
concept . 

As already stated, the F information element - the 
Function element - of the electronic code determines 
the role of the device. This element is "0", i.e., un- 
defined during storage at the manufacturer or distribu- 
tor and is given a predetermined value when the key is 



put into functional mode. The value depends on the role 
of the key; whether it is a lock or a user, C-, D-, or 
M-key. The exact way this identification is made is not 
important to the invention. 

Data exchange security 

In the following, the security aspects of the data ex- 
change between software on the different hierarchical 
levels will be discussed with reference to figure 5. 
Each pair of manufacturer-distributor, manufacturer- 
customer and distributor-customer has its own encryp- 
tion key in order to ensure sufficient security. How- 
ever, the same encryption keys are used in both direc- 
tions, e.g. both from a distributor to a customer and 
vice versa. All required encryption keys are stored in 
the software in question. The encryption keys are de- 
livered together with the software but if the encryp- 
tion keys have to be updated, new encryption keys are 
sent encrypted with the current communication encryp- 
tion keys from the manufacturer. 

Users and system keys 

Every user of the system shown in figure 1 has to be 
identified by the software used. To this end, each user 
has his/her own unique username and belongs to one of 
three user categories: superuser, read/write, or read 
only. The different categories have different privi- 
leges and access restrictions, which will be discussed 
briefly in the following. 

A superuser can change user rights and system keys 
ownership. He can also change password and PIN code of 
all system keys and users and change C-key authorisa- 



17 

tion in software. Furthermore, he can perform all 
operations allowed to a read/write user. In order to 
get access to a software, a superuser needs a special 
system key, a so-called master system key and to enter 
5 a PIN code. There is only one master system key for 
each software. 

A read/write user can change authorisation in the lock 
chart of a MKS. He can also decrypt and encrypt file 
for transfer to other software of the system. In order 
10 to get access to a software, a read/write user needs an 
authorised system key and to enter a PIN code. 

In order to get access to a software, a read only user 
needs a key belonging to the MKS and to enter a pass- 
word. A read only user can only read the configuration 
15 of a lock system, i.e., view a lock chart and can not 
make any authorisation changes etc. 

There is also an authentication protocol between user, 
system keys and the different software used. A software 
identification encryption key K SW iDj is stored in soft- 

20 ware in an encrypted file. The encryption key Kswioj is 
unique for each system key and the full authentication 
process follows the following steps: First, public 
identities are exchanged between software and system 
key. The user then inputs username and PIN code. The 

25 software then verifies the authenticity of the system 
key in a way similar to what is described below under 
the heading "Database security" using the above men- 
tioned unique software identification encryption key. 
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Database security 

In the following, aspects on database security will be 
discussed with reference to figures 6 and 7, which 
shows the database encryption used with the system 
5 shown in figure 1- In one MKS, different information 

items are stored in different files. This means that if 
an encryption key is broken, just a part of the data- 
base has been broken. Examples of different information 
elements are: 

10 • Filel - lock chart 

• File2 - list of keys and locks with their public 
identity (PID) 

15 • Filei 

Each of these files is encrypted with a separate en- 
cryption key, in the example named K DB -Fir K D b-f2/ «• Kdb-fi, 
see figure 6. 

20 A user accessing a software will give his/her username 
and a PIN code (unless in case of a read only user, 
wherein a password is input instead) . The user also 
uses a system key j and an authentication process is 
initiated. Assuming a successful authentication pro- 

25 cess, an encryption key K SYS j stored in the system key j 
used for accessing the software is used in the follow- 
ing decryption processes. As is seen in figure 6, K SYS j 
is used when retrieving the set of encrypted encryption 
keys K db -fi, K DB - F2 , - K DB -Fi, etc. used for encryption of 

30 the database files 1, 2, 3 etc. Thus, the encryption 
keys Kdb-fi, K db -f 2 , ... K DB _ F i, etc. are themselves stored 
encrypted with the encryption key K S y S j and are de- 



crypted by means of that encryption key stored in the 
authorised physical system key. 

In order to read filel, for example, the decrypted key 
K DB -Fi is used for decrypting the information stored in 
the database. However, in order further to increase se- 
curity, the encryption key of a file is modified each 
time the file is accessed. This is carried out by means 
of a modifier, R DB -i in figures 6 and 7. The actual en- 
cryption key used for decrypting a particular file is 
called KDB-Fi -mod = K DB -Fi © Rdb-l Each time Filei is 
stored, a new R D b-i is calculated, the file i is en- 
crypted with the new DB -Fi-mod and the new R D b-i is stored 
in clear. 

It is important that encryption keys used are not 
stored for an unnecessarily long period of time. There- 
fore, see figure 6, the data elements surrounded by the 
box A are stored in primary memory only and not on 
disk. The data elements and information files sur- 
rounded by the box designated B in figure 6 are stored 
on disk. This solution provides for a secure storing of 
the key database, as the encryption keys exist in the 
computer only for as long as it is turned on. So for 
example, if a computer with a database is stolen, there 
is no danger that the decrypted encryption keys will be 
present in the computer system. 

Identification procedure 

When a key is inserted into a lock, an identification 
procedure is initiated. This identification procedure 
is based on the use of encrypted keys and is further 
described in our co-pending application SE-9901643-8 , 
to which reference is made. However, the important fea- 



ture is that two devices communicat ing with each other 
must have the same encryption key in order to success- 
fully perform a process, such as an authentication pro- 
cess . 

Preferred embodiments of the invention have been de- 
scribed above. The person skilled in the art realises 
that the lock device according to the invention can be 
varied without departing from the scope of the inven- 
tion as defined in the claims. Thus, although DES en- 
cryption has been described in connection with the pre- 
ferred embodiment, other encryption methods can be used 
as well. 
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CLAIMS 

1. A method of authorising a key or lock device 
5 (20, 101), comprising the following steps: 

- creating a first user device (20, 101) comprising an 
electronic circuitry having an electronic memory 
(101a) adapted for storing an electronic code, 

storing in said electronic memory (101a) a first 
10 encryption key (K des -m, K DE s-Dr Kdes-c* K D es) i 

characterised by the step of 

carrying out a software operation by a first system 
device (102, 202, 302) having said first encryption 
key (K D es-m. K DE s-Dr K DES -c) , by which software operation 
15 said first encryption key stored in said electronic 

memory is replaced by a second encryption key, and 

wherein said second encryption key is identical to 
an encryption key stored in a second user device 
(20, 101), thereby making said first and second user 
20 devices operable with each other. 

2. A method according to claim 1, wherein said 
first system device is a system key of a master key 
system. 

3. A method according to claim 1 or 2, wherein 

25 said first user device is a user key (101) of a master 
key system (100) . 
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4. A method according to claim 1 or 2, wherein 
said first user device is a lock (20) of a master key 
system (100) . 

5. A method according to any of claims 1-4, 

5 wherein said electronic encryption keys (K D es-m/ K D es-d/ 
Kdes-c, K des ) are unreadable from outside said electronic 
circuitry . 

6. A method according to any of claims 1-5, 
wherein said encryption keys (K D Es-Mr Kdes-d* K D es-c/ Kdes) 

10 are DES encryption keys, preferably Triple DES encryp- 
tion keys. 

7. A method according to claim 6, wherein the mode 
of operation of the DES encryption is selected among 
the following modes of operation: Electronic Code Book 

15 and Cipher Block Chaining. 

8. An electromechanical key and lock device, com- 
prising 

an electronic circuitry having an electronic memory 
(101a) adapted for storing an electronic code, said 
20 electronic code uniquely identifying the device and 

comprising a first electronic encryption key (K des -m/ 
Kdes-D/ K DE s-Cr Kqes) 9 

characterised by 

said first encryption key being adapted to be replaced 
25 by a second encryption key by means of an authorised 

software operation carried out by a system device (102, 
202, 302) having said first encryption key (K DES -Mr 
Kdes-d* Kdes-c) - 



9. A device according to claim 8, wherein said 
system device (102, 202, 302) is a key having a pro- 
grammable electronic circuitry, 

10. A device according to claim 8, wherein said 
electronic encryption key (K DES ) is unreadable from out- 
side said electronic circuitry. 

11. A key and lock system comprising: 

- a plurality of user devices (20, 101) comprising: 

- a plurality of user keys (101) having an elec- 
tronic circuitry comprising an electronic memory 
adapted for storing a variable electronic encryp- 
tion key, and 

- a plurality of locks (20) having an electronic 
circuitry comprising an electronic memory adapted 
for storing a variable electronic encryption key, 

- wherein a user key and a lock are operable only if 
there are stored identical encryption keys in the 
user key and the lock, 

characterised by 

- at least one system device (102, 202, 302) having an 
electronic circuitry comprising an electronic memory 
adapted for storing a permanent electronic encryp- 
tion key, and 

a computer program software adapted to change the 
variable electronic encryption key of a user device 
from a first to a second encryption key as a result 



of a successful authentication process carried out 
between 

- a lock or user key having a stored variable elec- 
tronic encryption key, and 

- a system device having an identical encryption key 
as said lock or user key. 



ABSTRACT 



A method of authorising a key or lock device follows 
the following steps. First, a key or lock is provided 
with an electronic circuitry with an associated memory. 
Then, a first encryption key (K des -m* Kdes-d^ K DES -cr K DES ) 
is stored in the memory- By means of a software opera- 
tion, the first encryption key stored in said elec- 
tronic memory is replaced by a second encryption key. 
This second encryption key is identical to an encryp- 
tion key stored in a second user device, thereby making 
said first and second user devices work with each 
other. This provides for a secure way of distributing 
keys or locks. 

(Figs. 4a-e for publication) 
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